[Hiring] Director of Information Security Engineering @Penn Mutual

Role Description

The Director of Information Security Engineering role participates on a team of information security employees that own technical analysis, guidance, consulting, and configuration of information security tooling, operations, and projects. Information Security Engineers help resolve tactical and strategic initiatives related to the information security function.

Responsibilities

• Leads and supports Information Security team members with risk analysis of identified issues or events and is able to perform inspection to traverse multiple security tools and/or logs to uncover additional facts surrounding the event without direction.
• Frequently monitor, test, and make improvements to security practices in place for network, system, applications, and/or operations management without oversight needed.
• Consult with engineers to provide vulnerability identification and/or remediation support as needed.
• Oversee vendor relationships regarding security system updates, technical support, and/or driving POC’s of security projects.
• Identify opportunities to improve work processes and/or automate improvements to make them more effective and/or to strengthen security measures under limited or no supervision.
• Liaise with and support security operations center (SOC) analysts with limited or no direction.
• May be asked to serve in on-call rotation.
• Assist and/or lead proof-of-concepts, analysis, and/or implementation of security tooling with limited or no direction.
• Review, analyze and/or respond to phishing (abuse) submissions and alerts without direction.
• Provide support and/or evidence as necessary for audits, regulatory exams, and/or assessments.
• Provide information as necessary to track, communicate, and/or improve Information Security team metrics and/or reports.
• Proactively identify opportunities and/or gaps in our security posture and influence others to support reducing security risk likelihood and/or impact.
• Collaborates with IT and business partners to ensure security is factored in to the evaluation, selection, installation, and/or configuration of hardware, software and/or infrastructure.
• Perform other related activities and projects as required.
• Participate in an entirely remote working environment (such as using webcam and participating verbally or with reactions).

Qualifications

• Bachelor or Master Degree in computer-related or information security related field and/or 6-12 years equivalent work experience required.
• Information Security certifications (like CISSP) and/or AWS certifications preferred.

Requirements

• Ability to understand and work in varied computing environments (including AWS) with limited or no direction.
• Able to demonstrate understanding of a broad range of computer and information security topics; including networking, database management, application and infrastructure security, vulnerability management, identity access management, and X-as-Code concepts.
• Demonstrates a commitment to AI fluency by embracing AI tools and technologies to enhance individual and team performance, decision-making, and innovation.
• Strong understanding of common vulnerabilities and mitigations.
• Strong understanding of how to protect data and data movement.
• Able to problem-solve computer related issues without direction.
• Understanding of DevOps practices and Agile methodologies.
• Solid understanding of Identity Access Management concepts (in AWS preferred).
• Able to manage multiple complex assignments without direction needed.
• Solid understanding of coding and/or scripting concepts in more than one language.
• Solid understanding of architecture concepts.
• Demonstrates written and verbal communication abilities, including with senior leadership.
• Work effectively with other employees in a fully remote environment.
• Strong time management.

Benefits

• Base Salary Range - $170,000-$190,000.